From: Rainer L. <li...@fo...> - 2000-07-12 08:14:03
|
Hi! Just FYI -------- Original Message -------- Subject: Re: SuSE Security Announcement: tnef Date: Tue, 11 Jul 2000 19:41:23 +0200 From: Rainer Link <li...@fo...> Organization: http://rainer.w3.to/ To: bu...@se... References: <20000711135141.705B0885@Galois.suse.de> Thomas Biege wrote: > ______________________________________________________________________________ > > SuSE Security Announcement > > Package: tnef < 0-124 > Date: Mon Jul 10 19:19:16 CEST 2000 > > Affected SuSE versions: 6.3-6.4 > Vulnerability Type: remote compromise > SuSE default package: no > Other affected systems: all unix systems using this package > ______________________________________________________________________________ [cut] > 2. Impact > > By specifing a path name like /etc/passwd and sending a compressed > mail to root an adversary could gain remote root access to a system > by overwriting the local password database. > The same could happen if a mail virus scanner, like AMaVIS, process' > a malicious mail. FYI: AMaViS-Perl: not affected, as a Perl module is used TNEF support was added to AMaViS 0.2.0-pre6-clm-rl-8-20000604 (previous versions are therefore *not* affected), but AMaViS does not run as root when used with qmail, exim and postfix. AMaViS is run as root, when used with sendmail and AMaViS is called via Mlocal. AMaViS may not run as root, when used with sendmail and the new relay scanning setup for AMaViS (--enable-relay). Anyway, a fix for this possible security hole was provided in AMaViS 0.2.0-pre6-clm-rl-8-20000704. It's available at http://sourceforge.net/projects/amavis, http://cvsweb.amavis.org/ or http://www.computer-networking.de/~link/security/amavis-patch.php3#latest_sources (if you prefer a gzipped tarball). We recommend to use Mark Simpson's TNEF (http://world.std.com/~damned/software.html) which does not suffer from this security problem, as it supportes the -d flag to extract files to a specific directory. I would like to thank Robert Valentan of SOLID-SOFT EDV-VertriebsgmbH/Austria for reporting this problem to us and helping us to fix it. best regards, Rainer Link (AMaViS Developer) -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) li...@su... | Member of AMaViS Development Team (dev.amavis.org) rainer.w3.to | Linux/Unix Anti Virus project (lavp.sourceforge.net) |